| From: | Greg Sabino Mullane <htamfids(at)gmail(dot)com> |
|---|---|
| To: | Nathan Bossart <nathandbossart(at)gmail(dot)com> |
| Cc: | pgsql-hackers(at)postgresql(dot)org |
| Subject: | Re: sunsetting md5 password support |
| Date: | 2024-10-09 20:31:01 |
| Message-ID: | CAKAnmmK73voOLA59G9sXjRuVZgNy8nT2Cmcxk-k6EZ3s3q+wOw@mail.gmail.com |
| Lists: | pgsql-hackers |

Big +1 to the idea, but it's not going to be pretty; there is a lot of
baked-in MD5 stuff around.

> 2. In v19, allow upgrading with MD5 passwords and allow authenticating
> with them, but disallow creating new ones (i.e., restrict/remove
> password_encryption and don't allow setting pre-hashed MD5 passwords).

Certainly not remove it, that would break lots of things. Perhaps one
release with a strong warning when md5 is used, that cannot be disabled,
then disallow new ones?

> 3. In v20, allow upgrading with MD5 passwords, but disallow using them
> for authentication.

Again, maybe a release that complains real loudly but still allows it?

> 4. In v21, disallow upgrading with MD5 passwords.

You mean having pg_upgrade refuse to go on? Or maybe have it empty the
passwords out?

Cheers,
Greg